AddressJPMorgan Chase's (JPMC) Corporate Third Party Oversight (CTPO) Program is a function within Global Supplier Services, responsible for developing, deploying and overseeing the framework that drives the effective use of suppliers to accomplish strategic goals. The CTPO Program covers oversight for both external Third-Party suppliers (TPO) and internal Intra-Affiliate (IAO) services and also includes Supplier Assurance Services (SAS) Governance and Risk Design. The CTPO Program is responsible for building Program awareness across the firm and ensuring consistency globally across all Lines of Business (LOBs) and Corporate Functions (CFs) including the understanding of outsourcing regulatory requirements and periodic updates to regulators on the CTPO Program. The Risk and Controls team within CTPO provides forward looking strategy for the function.
As an Application Security Expert, in Corporate Third Party Oversight you will ensure consistent and effective end-to-end risk management program is in place globally for Third Party-hosted applications. You will influence internal and external stakeholders to inform and ultimately mitigate Third Party application risk across the firm.
Job Responsibilities
- Drive the transformation agenda, including business justification and program build out.
- Partner with internal risk teams to support business as usual risk activities, reporting and project initiatives.
- Ensure risk impacting the business is effectively identified, quantified, communicated and remediated
- Influence supplier adoption of the product vision, roadmap, and risk control objectives
- Operationalize the Third Party Software Bill of Materials (SBOM) program
Required qualifications, capabilities, and skills
- 5+ years of experience in Third Party Risk Management (TPRM) or Governance, Risk Management, and Compliance (GRC), Cybersecurity, Application Security, Cloud Security Architecture (SaaS, PaaS & IaaS) within a large enterprise level environment
- 3+ years of experience using a broad set of technologies (e.g., servers, operating systems, applications, databases, hypervisors, virtualization management, containers, compute, storage, etc.)
- Strong leadership skills, ability to multitask, sense of ownership, attention to detail and quality, and deliver on commitments
- Understanding of Secure Software Development Life Cycle (SSDLC) (e.g., coding requirements, risk assessments, threat modeling, static code analysis, and dynamic application scanning)
Preferred qualifications, capabilities, and skills
- Certification in Public Cloud Technology from major Cloud Service Provider
- Experience with Software Bill of Materials (SBOM)
- CISSP, CISA, CISM, CCSP or CRISC certification
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, we offer discretionary incentive compensation which may be awarded in recognition of firm performance and individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase is an Equal Opportunity Employer, including Disability/Veterans
